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DETAILED ACTION 

1 . The amendment filed on 22 March 2005 has been noted and made of record. 

2. Claims 1-37 have been presented for examination. 

Response to Arguments 

3. Applicant's arguments filed 22 March 2005 have been fully considered but they are not 
persuasive. 

4. In response to applicant's argument that the references fail to show certain features of 
applicant's invention, it is noted that the features upon which applicant relies, such as the 
identifying HTTP requests that require an electronic signature as well as requests that require 
other services , are not recited in the rejected claim(s). Although the claims are interpreted in 
light of the specification, limitations from the specification are not read into the claims. See In 
re Van Geuns, 988 F.2d 1 181, 26 USPQ2d 1057 (Fed. Cir. 1993). 

5. In response to Applicant's arguments that Cook does not disclose the abovementioned 
feature, the Examiner refers to column 7. Column 7 discusses another type of service that can be 
performed on the HTTP requests by an entity other than the seller. According to Cook, the 
member signs the slip and then acquires a time stamp certificate to include in the data. 

6. Therefore, Cook discloses a Web application adapted to identify HTTP requests that 
require a service (either a digital signature or a time stamp certificate) provided by an entity other 
than the seller (being execute at a member 110). 

7. In response to applicant's arguments against the references individually, one cannot show 
nonobviousness by attacking references individually where the rejections are based on 
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combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re 
Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). 

8. In response to the Applicant's argument that Tozzoli does not discuss the use of filtering 
for data requiring signature by the buyer, the Examiner disagrees. Column 13, lines 53-67, 
discusses appending an electronic signature or other authorization code information to the order 
data. 

9. Thus Tozzoli at least acknowledges including a signature to appropriate data, thereby 
providing a basis for analogous art. 

1 0. See further rejections that follow. 

Claim Rejections 

1 1 . The text of those sections of Title 35, U.S. Code not included in this action can be found 
in a prior Office action. 

12. Claim 37 is rejected under 35 U.S.C. 102(e) as being anticipated by U.S. Patent No.. 
6,675,153 to Cook et al. 5 hereinafter Cook. 

13. As per claim 37, Cook teaches a system for integrating a seller's Web site with a public 
key infrastructure, comprising: 

a Web server, see figures 1, blocks 106, 108, 3, blocks 106, 108, see also column 4, lines 
42-46, column 5, lines 11-31; 

a Web application connected to the Web server, the Web application adapted to identify 
HTTP requests that include data requiring signature and to create a Web page for transmission to 
a browser that will cause the browser to invoke a signing interface to sign the data, see figure 2, 
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blocks 114, 118, see column 1, line 62 to column 2, line 6, column 5, lines 11-31, column 6, 
lines 17-28; 

the Web application further adapted to identify HTTP requests that require a service 
provided by an entity other than the seller, see figures 1, block 108, 3, block 108, as well as 
column 3, lines 7-15; and 

a bank interface adapted to receive a request for service from the Web application, format 
and transmit the request, receive a response to the request, and forward the response to the Web 
application, see figure 1, blocks 102, 104, 3 blocks 102, 104, as well as column 4, lines 56-64, 
column 9, line 23 to column 10, line 8. 

14. Claims 1- 3, 5-9, 20, 21, 23-25, 28, 29, and 31-34 are rejected under 35 U.SC. 103(a) as 
being unpatentable over SET as taught by U.S. Patent No. 6,327,578 to Linehan, hereinafter 
referred to as SET, in view of U.S. Patent No. 5,717,989 to Tozzoli et al., hereinafter Tozzoli. 

15. As per claim 1, SET teaches a system for integrating a seller's Web site with a public key 
infrastructure, the Web site comprising a Web server and a Web application, the public key 
infrastructure comprising a buyer computer comprising a Web browser adapted to invoke a 
signing interface to digitally sign electronic messages, the public key infrastructure further 
comprising a seller's bank computer system adapted to receive service requests from the seller 
and respond to those requests with digitally signed service responses; the system comprising: 

redirecting HTTP requests received from the Web browser, see figure 1, see also column 
3, lines 15-23, i.e. while on the internet, "the merchant's computer 104 forwards the consumer's 
payment request over internet path 122 during a second step to an acquirer gateway 106 
operating on behalf of the acquirer bank 108"; 
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an Internet server application adapted to receive a redirected HTTP request and process 
the redirected HTTP request, see figure 1, see also column 3, lines 23-32, i.e. "The acquirer 
gateway 106 passes the consumer's payment request to the acquirer bank 108 over a private 
network path 122'. The acquirer bank 108 sends the consumer's payment request to the card 
issuing bank 112 over the private network path 124 to check whether the consumer's credit or 
debit card account is active and sufficient, for the proposed transaction with the merchant. The 
issuing bank 112, as the card issuer, authorizes the transaction in a message sent over the private 
path 126 to the acquiring bank 108. The acquiring bank 108 sends the transaction authorization 
over private path 128' to the acquirer gateway 106, signing the message with the acquiring 
bank's digital signature"; 

receiving the processed HTTP request and identify an HTTP request that contains data 
requiring signature by the buyer, see figure 1 and column 3, lines 32-39, i.e. "The acquirer 
gateway 106 forwards it over the internet path 128 to the merchant, authorizing from the 
merchant to proceed with the transaction. Once the merchant has received the transaction 
authorization from the acquirer gateway 106, the merchant completes the sales transaction with 
the consumer." 

16. SET does not disclose the use of a filter or filter engine. 

17. Tozzoli discusses the use of filtering when processing transactions over the Internet. It 
would have been obvious to one of ordinary skill in the art at the time the invention was made to 
include filtering, since Tozzoli discloses in column 11, lines 52-57 that such a modification 
allows the merchant to verify and access data fields quickly and process the order accurately. 
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18. Regarding claim 2, SET discloses a bank interface adapted to receive the request and 
transmitting the request to the seller's bank in figure 1, blocks 106, 122', and 142', as well as 
column 3, lines 13-47. 

19. Tozzoli discloses the filter engine and reformatting the request in figures 3a-3c, column 
7, line 42 to column 8, line 3, column 1 1, lines 52-58, and column 12, line 64 to column 13, line 
4. 

20. With regards to claim 3, SET teaches wherein the bank interface is further adapted to 
receive a service response to the request from the seller's bank and forward the response to the 
filter engine, see figure 1, as well as column 3, lines 13-47. 

21. Regarding claim 5, Tozzoli teaches a second Web server adapted to parse requests 
redirected by the filter, see figure 5, as well as column 7, line 53 to column 8, line 12. 

22. Regarding claim 6, SET teaches wherein services provided by the seller's bank are 
provided within the context of a four-corner model, see figure 1 . 

23. With regards to claim 7, SET teaches wherein the four-corner model comprises the buyer, 
the seller, the seller's bank, and a buyer's bank, see figure 1, where the buyer is the consumer, 
block 102, the seller is the merchant, block 104, the seller's bank is the acquiring bank, block 
108, and the buyer's bank is the issuing bank, block 112. 
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24. Regarding claim 8, neither SET nor Tozzoli disclose wherein the filter is implemented 
using ISAPI. 

25. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to implement the filter using ISAPI, since it has been held that ISAPI is an easy-to- 
use, high performance interface for back-end applications and has significant performance 
advantages over the CGI specification, such as having its own dynamic-link library. 

26. Regarding claim 9, SET teaches wherein the Internet service application is adapted to 
generate HTTP responses based on data received from the filter engine, see column 3, lines 13- 
47. 

27. Regarding claim 20, SET teaches wherein the filter engine is adapted to return an object 
to the servlet, see column 3, lines 28-36. 

28. With regards to claim 21, SET teaches wherein the object comprises an integer value 
indicating one of four conditions: that a signature is required on data in the HTTP request, that a 
response has been received from the seller's bank concerning a service request, that the HTTP 
request has been passed through to the Web application, or that an error occurred, see column 3, 
lines 28-47. 

29. Regarding claim 23, Tozzoli and SET do not teach wherein the filter engine determines 
whether an HTTP request contains data requiring signature by applying filtering rules. 
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30. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to have the filter engine determine if the data required a signature, since SET discloses 
at column 3, lines 62-47 that such a modification would ensure that the transaction was 
authorized by the appropriate user. 

31. Regarding claim 24, Tozzoli and SET do not teach wherein the filter engine is 
programmed to recognize each HTTP request that includes data requiring signature. 

32. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to have the filter engine recognize that the data has a digital signature, since SET 
discloses at column 3, lines 62-47 that such a modification would ensure that the transaction was 
authorized by the appropriate user. 

33. Regarding claim 25, Tozzoli and SET do not teach wherein the filter engine is 
programmed to recognize HTTP requests transmitted by the Web browser that have been 
modified to include a special tag that indicates whether the request includes data that requires 
signature. 

34. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to have the filter engine recognize special tags that indicate the request for a digital 
signature, since SET discloses at column 3, lines 62-47 that such a modification would ensure 
that the transaction was authorized by the appropriate user. 
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35. Regarding claim 28, neither SET nor Tozzoli teach wherein the filter engine provides an 
abstracted front-end interface via java remote method invocation. 

36. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made for the filter to comprise of an abstracted front-end, since it has been held that an 
abstracted front-end is an easy-to-use, high performance interface for linking to back-end 
applications. 

37. Regarding claim 29, Tozzoli teaches wherein the filter engine employs a rules class, see 
column 11, line 52 to column 12, line 11. 

38. Regarding claim 31, neither SET nor Tozzoli teach wherein the bank interface is 
designed with a plug-in based architecture. 

39. Linehan discloses wherein the bank interface is designed with a plug-in based 
architecture. It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to design the bank interface with a plug-in based architecture, since Linehan 
discloses at column 9, lines 3-28 that such a modification would allow the bank to operate with 
foreign consumers. 

40. Regarding claim 32, SET and Tozzoli do not teach wherein the bank interface supports 
an abstract front-end interface to allow communication via a plurality of middleware 
technologies. 
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41 . It would have been obvious to one of ordinary skill in the art at the time the invention 
was made for the filter to comprise of an abstracted front-end, since it has been held that an 
abstracted front-end is an easy-to-use, high performance interface for interacting with 
middleware from a plurality of vendors. 

42. Regarding claim 33, SET teaches wherein the bank interface is adapted to create and 
transmit OCSP requests, see column 3, lines 25-47. 

43. Regarding claim 34, SET teaches wherein the bank interface comprises a certificate 
status check module, see column 3, lines 25-47, 

44. Claims 4 and 22 are rejected under 35 U.S.C. 103(a) as being unpatentable over SET in 
view of Tozzoli as applied to claim 2 above, and further in view of Linehan. 

45. With regards to claim 4, SET does not disclose wherein the service is certificate 
validation. 

46. Linehan discloses certificate validation. It would have been obvious to one of ordinary 
skill in the art at the time the invention was made to include certificate validation, since Linehan 
states at column 4, lines 23-44 that such a modification would serve to validate that the payment 
was authorized by the card holder. 

47. Regarding claim 22, neither SET nor Tozzoli disclose wherein if the integer value 
indicates that a signature is required on data in the HTTP request then the Internet server 
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application stores a state of the filter engine in a cookie and causes a Web page containing the 
cookie and an instruction to sign the data to be transmitted to the Web browser. 

48. Linehan teaches wherein if the integer value indicates that a signature is required on data 
in the HTTP request then the Internet server application stores a state of the filter engine in a 
cookie and causes a Web page containing the cookie and an instruction to sign the data to be 
transmitted to the Web browser. It would have been obvious to one of ordinary skill in the art at 
the time the invention was made to store the state of the system to send an indication that the 
data has to be signed, since Linehan discloses at column 4, lines 9-44 that such a modification 
would limit the number of unauthorized transactions. 

49. Claims 10-16 are rejected under 35 U.S.C. 103(a) as being unpatentable over SET in 
view of Tozzoli as applied to claim 1 above, and further in view of U.S. Patent No. 6,052,785 to 
Lin et al., hereinafter Lin. 

50. Regarding claim 10, neither SET nor Tozzoli disclose wherein the Internet server 
application is adapted to pass a hash table to the filter engine. 

5 1 . Lin teaches wherein the Internet server application is adapted to pass a hash table to the 
filter engine. It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to have the server application pass a hash table to the filter engine, since Lin 
discloses at column 8, lines 43-56 that such a modification supports authentication, which is 
necessary to prevent fraudulent transactions. 
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52. With regards to claim 1 1, Lin teaches wherein the hash table comprises the headers from 
the redirected HTTP request, see figure 3, as well as column 8, line 51 to column 9, line 17. 

53. With regards to claim 12, Lin teaches wherein the hash table comprises the method of the 
redirected HTTP request, see figure 3, as well as column 8, line 51 to column 9, line 17. 

54. With regards to claim 13, Lin teaches wherein the hash table comprises the content-type 
of the redirected HTTP request, see figure 3, as well as column 8, line 51 to column 9, line 17. 

55. With regards to claim 14, Lin teaches wherein the hash table comprises the buyer 
computer's IP address, see figure 3, as well as column 8, line -51 to column 9, line 17. 

56. With regards to claim 15, Lin teaches wherein the hash table comprises the actual data in 
the redirected HTTP request, see figure 3, as well as column 8, line 51 to column 9, line 17. 

57. With regards to claim 16, Lin teaches wherein the hash table comprises a unique session 
H), see figure 3, as well as column 8, line 51 to column 9, line 17. 

Allowable Subject Matter 

58. Claims 17-20, 26, 27, 30, 35, and 36 are objected to as being dependent upon a rejected 
base claim, but would be allowable if rewritten in independent form including all of the 
limitations of the base claim and any intervening claims. 
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Conclusion 

59. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

60. A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 

CFR 1. 136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

61 . Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Christian La Forgia whose telephone number is (571) 272-3792. 
The examiner can normally be reached on Monday thru Thursday 7-5. 

62. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 
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63. Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Christian LaForgia 



Patent Examiner 
Art Unit 2131 
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